
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #34
    AplusWebMaster (Adviser Team)

    Fake DHL invoice, Overdue invoice SPAM ...

    FYI...

    Fake DHL invoice SPAM
    - http://blog.dynamoo.com/2014/09/geir...st-dhl-no.html
    10 Sep 2014 - "Geir Myklebust is a real employee for DHL in Norway, but neither he nor DHL are responsible for this spam run in any way (their systems have NOT been breached either). Instead, it contains a malicious attachment and it should simply be deleted.
    From: Geir Myklebust (DHL NO) [Geir.Myklebust@ dhl .com]
    Date: 10 September 2014 10:35
    Subject: FW: customer acct. no.: 4690086 - invoice 0257241 needs to be paid
    Dear Sir.
    The attached invoice from Villmarksmessen 2014 has still not been settled.
    Please advise as soon as possible.
    Thank you and regards,
    Geir
    Med vennlig hilsen/ Kind Regards
    Geir Myklebust
    Product Manager, Avd. Trade Fairs & Events
    DHL Global Forwarding (Norway) AS
    Avd. Trade Fairs & Events
    Messeveien 14
    2004 Lillestrøm ...


    Attached is a ZIP file of various different names (e.g. invoice_0257241.zip), containing a malicious executable file invoice_3466198.exe which has a VirusTotal detection rate of 3/54*. The Comodo CAMAS report** shows an attempted connection to voladora .com/Imagenes/qaws.cab which is currently coming up with a socket error. I would recommend that you block access to that domain. Further analysis is pending..."
    * https://www.virustotal.com/en-gb/fil...is/1410342283/

    ** http://camas.comodo.com/cgi-bin/subm...a704a26cac5038

    "UPDATE: a second malicious binary is doing the round, this time with a detection rate of 2/53***..."
    *** https://www.virustotal.com/en-gb/fil...is/1410353017/

    92.43.17.6: https://www.virustotal.com/en/ip-add...6/information/

    - http://myonlinesecurity.co.uk/fw-cus...e-pdf-malware/
    10 Sep 2014
    - https://www.virustotal.com/en/file/f...is/1410350810/
    ___

    Fake Overdue invoice SPAM – doc malware
    - http://myonlinesecurity.co.uk/overdu...e-doc-malware/
    10 Sep 2014 - "'Overdue invoice #1197419584' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
    Good afternoon,
    I was hoping to hear from you by now. May I have payment on invoice #1197419584 today please, or would you like a further extension?
    Best regards,
    Cherish Schaunaman
    +07540 61 15 69

    ... or like this one:
    This email contains an invoice file in attachment.

    10 September 2014 : bill_2014-09-10_09-16-23_1197419584.arj :
    Extracts to: bill_2014-09-10_09-16-23_1197419584.exe
    Current Virus total detections: 6/55*
    Alternative version 10 September 2014 : Invoice4777_2C7.zip :
    Extracts to: attachment_scaned.doc .exe
    Current Virus total detections: 2/54**
    This 'Overdue invoice #1197419584' is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper Microsoft word.doc file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
    * https://www.virustotal.com/en/file/4...is/1410342531/

    ** https://www.virustotal.com/en/file/8...is/1410341816/
    ___

    'Outstanding Warrant' Phone SCAMS
    - http://www.hoax-slayer.com/outstandi...ne-scams.shtml
    Sep 10, 2014 - "Scammers posing as law-enforcement officers are cold-calling people and tricking them into paying over the phone to resolve supposedly outstanding warrants. The scammers warn victims that, if they don't pay the requested fee, police may come to their home and arrest them... The scammers are reportedly quite skilled at impersonating police officers and are often able to convince victims that they are legitimate. When victims call back on the number provided, the scammers may identify their 'office' as a seemingly legitimate entity such as the 'County Warrants Department'. This simple -ruse- may further convince victims that the scammer's claims are true... This type of -scam- is certainly nothing new and has been around in various forms for many years... a flurry of reports from several US states suggests that these scammers are currently quite active. The scammers are also using variations of the old jury duty phone scam to steal money from victims. Police will -never- call you and demand an immediate payment to resolve an outstanding warrant. If you receive such a suspect call, do -not- give the caller any personal and financial information and do -not- comply with their instructions. If in doubt, call your local police to check. Do -not- use a phone number provided by the caller. Find a number for police in a local phone directory..."
    ___

    Malvertisements - YouTube, Amazon and Yahoo
    - http://www.computerworld.com/article...and-yahoo.html
    Sep 9, 2014 - "Malicious advertisements have popped up on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware, Cisco said*... When encountered, the malicious advertisements cause the user to be -redirected- to a different website, which triggers a download based on whether the computer is running Windows or Apple's OS X... Cisco didn't identify the advertising network that is serving the malicious advertisements. Although ad networks try to filter out malicious ones, occasionally bad ones slip in, which for a high-traffic site means a large pool of potential victims... Some of the malicious ads were served on youtube.com, amazon.com and ads.yahoo.com, Pelkmann wrote. All told, 74 domains were serving the ads. When a victim is -redirected- by one of the ads, the computer downloads a piece of malware with a unique checksum, making it harder for security software to detect. The download may also contain legitimate software such as a media player. To be infected, the user must be convinced to open the file. 'The attackers are purely relying on social engineering techniques in order to get the user to install the software package,' Pelkmann wrote. 'No drive-by exploits are being used thus far'..."
    * http://blogs.cisco.com/security/kyle-and-stan/

    Last edited by AplusWebMaster; 2014-09-10 at 18:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
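
A gateway-side check for the attachment naming described in the post above (an executable inside a ZIP, or a decoy name such as `attachment_scaned.doc .exe`), as an added example that is not part of the original post or the quoted blogs. The extension lists and function names are assumptions chosen for illustration, and only ZIP is handled (the `.arj` sample would need a separate unpacker).

```python
import io
import zipfile

# Extensions Windows runs on double-click (an assumed subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt", ".jpg"}


def split_ext(name):
    """Return (stem, ext) with ext lower-cased, ignoring trailing spaces and dots."""
    name = name.rstrip(" .")
    dot = name.rfind(".")
    if dot <= 0:
        return name, ""
    return name[:dot], name[dot:].lower()


def classify_member(name):
    """Classify one archive member name: 'decoy-executable', 'executable' or 'ok'."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, ext = split_ext(base)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # Padding between decoy and real extension ("x.doc .exe") is stripped by
    # split_ext before it looks for a second, document-like extension.
    _, inner = split_ext(stem)
    return "decoy-executable" if inner in DECOY_EXTS else "executable"


def scan_zip(data):
    """Return {member_name: verdict} for every flagged file in a ZIP given as bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict != "ok":
                findings[info.filename] = verdict
    return findings


def build_sample_zip(names):
    """Build an in-memory ZIP with harmless placeholder content (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder, not a real binary")
    return buf.getvalue()
```

The check looks only at member names, so it catches the naming trick regardless of the low antivirus detection rates quoted in the post.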
